<?php
	defined('RUN') or die('No access');

	class AuthController
	{
		public function index()
		{
			$this->login();
		}

		public function login()
		{
			if (Auth::check('acp'))
			{
				Url::redirect('admin/dashboard');
			}

			$data = array();

			if (Input::post('action') == 'login' && Security::checkToken('login', Input::post('token')))
			{
				$user = Model::get('user')->checkAuth(Input::post('username'), Input::post('password'));

				if ($user && array_search($user['permission'], array('admin', 'mod')) !== FALSE)
				{
					Auth::set('acp');
					Session::set('user_auth', $user);

					Url::redirect('admin/dashboard');
				}
				else
				{
					$data['failed'] = TRUE;
				}
			}

			View::load('login.tpl', $data, 'admin');
		}

		public function logout()
		{
			Auth::remove('acp');

			Url::redirect('admin/auth/login');
		}
	}
